CVE-2001-1386

WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

CVE ID:

CVE-2001-1386

Published:

2001-07-01

Modified:

2025-04-03

CVSS Score:

7.5

Severity:

HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N